Understanding and stopping 5 popular cybersecurity exploitation techniques

From helpnetsecurity.com

With more than 550,000 new malware samples being discovered every day, closing the security gaps that enable these cyberthreats to access systems should be a priority for organizations. Unfortunately, many are leaving themselves needlessly exposed to risk.

Exploits are often associated with zero-day attacks that take advantage of vulnerabilities not yet known to the software provider, which means there are no patches yet available. A study by Google revealed there were 24 zero-day vulnerabilities exploited by attackers in 2020.

Read more…

Now a website to track down ransomware payments

From cybersecurity-insiders.com

Ransomwhere, a dedicated website to track down ransomware payments, was launched by a security researcher named Jack Cable. The website will act as a dashboard that keeps track of ransomware payments by strain and will also help security researchers conduct more analysis by presenting them with raw data that machine learning tools can easily analyze.

Mr. Cable, who worked as a security advisor to CISA, was seen reviewing the digital security arrangements for the 2020 elections. He had a vision to keep a check on where all ransomware payments were going and to which wallets.

Read more…

Cities Key in War on Ransomware, Neuberger Tells Mayors

From securityboulevard.com

When the cybersecurity industry talks about how critical public-private collaboration is to fending off and responding to threats, most of the “public” part of the conversation centers around the federal government, with individual states more recently finding a louder voice.

But an all-out defense against the kind of attacks recently seen against supply chains, critical infrastructure and OT targets requires the involvement of government at all levels, which is likely why mayors from across the country were asked by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger “to immediately convene heads of state agencies to review their cybersecurity posture and continuity plans.”

Speaking virtually to the U.S. Conference of Mayors, Neuberger said the Biden administration is hammering out a “cohesive and consistent approach” to guide cities on how to handle ransomware attacks, including whether they should pay a ransom or not.

Read more…

RATs Take a Toll on Organizations Across Critical Sectors

From cyware.com

Remote Access Trojans (RATs) are biting organizations badly across the world while leaving behind a big hole in their critical assets and infrastructures. The scary part is that threat actors have started updating their arsenal with multiple RATs to launch devastating cyberespionage campaigns.

Read more…

Magecart hackers hide stolen credit card data into images and bogus CSS files

From securityaffairs.co

Magecart hackers have devised a new technique to obfuscate the malware within comment blocks and hide stolen credit card data in images, evading detection.

Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.

According to a previous report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow, Amerisleep, and Feedify.

Read more…

Enhancing threat intelligence using new STIX and TAXII standards

From blog.avast.com

Invitation to comment on STIX™ V2.1 and TAXII™ V2.1 before Call for Consent as OASIS Standards - ends April 23rd - OASIS Open

The latest round of both standards has been implemented by numerous vendors, including Avast.

For many years, cybersecurity companies have invested in building sensor networks and detection capabilities to build a greater understanding of adversaries’ tactics, ever-changing techniques, and the threats posed to the world’s internet community. 

Whether it’s a consumer using their phone in an airport, a remote worker sitting at home connecting to their business, or larger organizations protecting many thousands of assets, security companies all require data on those activities.

Read more…

How to Prepare for a Cyberattack

From securityboulevard.com

Preventing cyberattacks isn’t easy. If it were, there wouldn’t be a continuous stream of ransomware attacks dominating news feeds, nor would the president of the United States feel compelled to issue executive orders on cybersecurity or to declare that ransomware attacks should be treated like terrorism.

While preventing cyberattacks isn’t easy, avoiding one is a matter of luck, proper planning or a combination of both. It is, after all, important to remember that attackers play by their own rules, and increasingly they’re looking to hit a proverbial home run with a large payout, like the one Colonial Pipeline made following their ransomware attack.

When it comes to defending against a cyberattack, I’d much prefer to be prepared and have a little bit of luck on my side than to pick up the pieces after a cybersecurity incident. With that in mind, here is a blueprint you can use to help prepare for a cyberattack and, ideally, avoid becoming a victim of one altogether.

Read more…